Last week, following the release of the 2014 Cisco Annual Security Report, my colleague Levi Gundert and I took questions from you, our partners and customers, about the report and its most interesting findings.

This year’s report highlighted a number of new trends and found unprecedented growth of threat alerts, which reached the highest level we’ve seen in more than a decade of monitoring.

Although the report paints a grim picture of the current state of cybersecurity, we are optimistic that there is hope for restoring trust in people, institutions, and technologies. This must start with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during, and after an attack.

Here is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Levi or I will get back to you.

The demand for skilled IT security professionals is growing everyday in both the private and public sector, and much of today’s security training is dangerously out of step with current threats.

A recent Ponemon Cyber Attack study found that cyber crime was up 78% in 2013 vs. 2012, with resolution and recovery time more than doubling over the past year, costing organizations tens of millions of dollars annually.

The success of our industry and even our nation’s well-being are dependent on engaging students and developing the experts of the future in the areas of science, technology, engineering and mathematics (STEM). I am personally committed to STEM education initiatives, and want to share an exciting university that’s breaking new ground to lead the way and ensure students have a clear path to STEM careers. As the newest member of the State University System of Florida, Florida Polytechnic University is dedicated exclusively to STEM.

Within their College of Engineering and the College of Innovation and Technology, Florida Poly will offer six undergraduate degree programs and two Master degree programs. These include some really unique areas of concentration including Big Data Analytics, Cloud Virtualization, Health Informatics, Cyber Gaming, Information Assurance and Cyber Security, and even more.

Another unique aspect of this high-tech university is that they work closely with industry partners to ensure strong relevance to real-world needs. This will ensure graduates are learning the critical skills needed to join some very competitive workforces. In fact, all you have to do is check out the campus to be impressed:

If you are in Florida, check out the PolyPremiere – a campaign where Florida Poly is rolling out the purple carpet at movie theaters across the state to give potential students an in-depth look at Florida Poly’s campus, curriculum, culture and scholarships.

Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP addresses and hostnames they want to sell you, or share. This is an encouraging trend in that it indicates the security industry is attempting to work together to defend against known and upcoming threats. Many services like Team Cymru, ShadowServer, ThreatExpert, Clean MX, and Malware Domain List offer lists of known command and control servers, dangerous URIs, or lists of hosts in your ASN that have been checking-in with known malicious hosts. This is essentially outsourced or assisted incident detection. You can leverage these feeds to let you know what problems you already have on your network, and to prepare for future incidents. This can be very helpful, especially for organizations with no computer security incident response teams (CSIRT) or an under-resourced security or IT operations group.

There are also commercial feeds which range anywhere from basic notifications to full-blown managed security solution. Government agencies and industry specific organizations also provide feeds targeted towards specific actors and threats. Many security information and event management systems (SIEMs) offer built-in feed subscriptions available only to their platform. The field of threat intelligence services is an ever-growing one, offering options from open source and free, to commercial and classified. Full disclosure: Cisco is also in the threat intelligence business

However the intent of this article is not to convince you that one feed is better than another, or to help you select the right feed for your organization. There are too many factors to consider, and the primary intention of this post is to make you ask yourself, “I have a threat intelligence feed, now what?” Read More »

Rarely a week goes by that we don’t hear of a database compromise that results in confidential data—many times consisting of personally identifiable information (PII)—falling into the hands of those who should not have access to the data. Protection of our PII is becoming increasingly critical as more and more information is collected and stored through the use of Internet-enabled devices.

The following is an excerpt from a recent post by Patrick Finn, Senior Vice President of Cisco’s U.S. Public Sector Organization, that focuses on the threat of data breaches impacting government organizations and provides some guidelines for how these organizations can assess and remediate these threats.

“Cyber crimes, cyber thievery, and cyber warfare have become an everyday reality. In fact, security breaches are so prevalent that, according to a new study from the National Cyber Security Alliance and a private sector firm, 26 percent of Americans have been the victims of a data breach in the past 12 months alone. Not only do breaches reduce citizens’ trust in government to protect their confidential data, they also cost government agencies a significant amount of money. For most CIOs and other government keepers of data, these statistics prompt one immediate question – “Can this happen to us?” Unfortunately, the answer to this question is: yes, it can.”

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.